1 | <?php
|
---|
2 | /**
|
---|
3 | * WordPress User API
|
---|
4 | *
|
---|
5 | * @package WordPress
|
---|
6 | */
|
---|
7 |
|
---|
8 | /**
|
---|
9 | * Authenticate user with remember capability.
|
---|
10 | *
|
---|
11 | * The credentials is an array that has 'user_login', 'user_password', and
|
---|
12 | * 'remember' indices. If the credentials is not given, then the log in form
|
---|
13 | * will be assumed and used if set.
|
---|
14 | *
|
---|
15 | * The various authentication cookies will be set by this function and will be
|
---|
16 | * set for a longer period depending on if the 'remember' credential is set to
|
---|
17 | * true.
|
---|
18 | *
|
---|
19 | * @since 2.5.0
|
---|
20 | *
|
---|
21 | * @param array $credentials Optional. User info in order to sign on.
|
---|
22 | * @param bool $secure_cookie Optional. Whether to use secure cookie.
|
---|
23 | * @return object Either WP_Error on failure, or WP_User on success.
|
---|
24 | */
|
---|
25 | function wp_signon( $credentials = '', $secure_cookie = '' ) {
|
---|
26 | if ( empty($credentials) ) {
|
---|
27 | if ( ! empty($_POST['log']) )
|
---|
28 | $credentials['user_login'] = $_POST['log'];
|
---|
29 | if ( ! empty($_POST['pwd']) )
|
---|
30 | $credentials['user_password'] = $_POST['pwd'];
|
---|
31 | if ( ! empty($_POST['rememberme']) )
|
---|
32 | $credentials['remember'] = $_POST['rememberme'];
|
---|
33 | }
|
---|
34 |
|
---|
35 | if ( !empty($credentials['remember']) )
|
---|
36 | $credentials['remember'] = true;
|
---|
37 | else
|
---|
38 | $credentials['remember'] = false;
|
---|
39 |
|
---|
40 | // TODO do we deprecate the wp_authentication action?
|
---|
41 | do_action_ref_array('wp_authenticate', array(&$credentials['user_login'], &$credentials['user_password']));
|
---|
42 |
|
---|
43 | if ( '' === $secure_cookie )
|
---|
44 | $secure_cookie = is_ssl() ? true : false;
|
---|
45 |
|
---|
46 | global $auth_secure_cookie; // XXX ugly hack to pass this to wp_authenticate_cookie
|
---|
47 | $auth_secure_cookie = $secure_cookie;
|
---|
48 |
|
---|
49 | add_filter('authenticate', 'wp_authenticate_cookie', 30, 3);
|
---|
50 |
|
---|
51 | $user = wp_authenticate($credentials['user_login'], $credentials['user_password']);
|
---|
52 |
|
---|
53 | if ( is_wp_error($user) ) {
|
---|
54 | if ( $user->get_error_codes() == array('empty_username', 'empty_password') ) {
|
---|
55 | $user = new WP_Error('', '');
|
---|
56 | }
|
---|
57 |
|
---|
58 | return $user;
|
---|
59 | }
|
---|
60 |
|
---|
61 | wp_set_auth_cookie($user->ID, $credentials['remember'], $secure_cookie);
|
---|
62 | do_action('wp_login', $credentials['user_login']);
|
---|
63 | return $user;
|
---|
64 | }
|
---|
65 |
|
---|
66 |
|
---|
67 | /**
|
---|
68 | * Authenticate the user using the username and password.
|
---|
69 | */
|
---|
70 | add_filter('authenticate', 'wp_authenticate_username_password', 20, 3);
|
---|
71 | function wp_authenticate_username_password($user, $username, $password) {
|
---|
72 | if ( is_a($user, 'WP_User') ) { return $user; }
|
---|
73 |
|
---|
74 | if ( empty($username) || empty($password) ) {
|
---|
75 | $error = new WP_Error();
|
---|
76 |
|
---|
77 | if ( empty($username) )
|
---|
78 | $error->add('empty_username', __('<strong>ERROR</strong>: The username field is empty.'));
|
---|
79 |
|
---|
80 | if ( empty($password) )
|
---|
81 | $error->add('empty_password', __('<strong>ERROR</strong>: The password field is empty.'));
|
---|
82 |
|
---|
83 | return $error;
|
---|
84 | }
|
---|
85 |
|
---|
86 | $userdata = get_userdatabylogin($username);
|
---|
87 |
|
---|
88 | if ( !$userdata ) {
|
---|
89 | return new WP_Error('invalid_username', sprintf(__('<strong>ERROR</strong>: Invalid username. <a href="%s" title="Password Lost and Found">Lost your password</a>?'), site_url('wp-login.php?action=lostpassword', 'login')));
|
---|
90 | }
|
---|
91 |
|
---|
92 | $userdata = apply_filters('wp_authenticate_user', $userdata, $password);
|
---|
93 | if ( is_wp_error($userdata) ) {
|
---|
94 | return $userdata;
|
---|
95 | }
|
---|
96 |
|
---|
97 | if ( !wp_check_password($password, $userdata->user_pass, $userdata->ID) ) {
|
---|
98 | return new WP_Error('incorrect_password', sprintf(__('<strong>ERROR</strong>: Incorrect password. <a href="%s" title="Password Lost and Found">Lost your password</a>?'), site_url('wp-login.php?action=lostpassword', 'login')));
|
---|
99 | }
|
---|
100 |
|
---|
101 | $user = new WP_User($userdata->ID);
|
---|
102 | return $user;
|
---|
103 | }
|
---|
104 |
|
---|
105 | /**
|
---|
106 | * Authenticate the user using the WordPress auth cookie.
|
---|
107 | */
|
---|
108 | function wp_authenticate_cookie($user, $username, $password) {
|
---|
109 | if ( is_a($user, 'WP_User') ) { return $user; }
|
---|
110 |
|
---|
111 | if ( empty($username) && empty($password) ) {
|
---|
112 | $user_id = wp_validate_auth_cookie();
|
---|
113 | if ( $user_id )
|
---|
114 | return new WP_User($user_id);
|
---|
115 |
|
---|
116 | global $auth_secure_cookie;
|
---|
117 |
|
---|
118 | if ( $auth_secure_cookie )
|
---|
119 | $auth_cookie = SECURE_AUTH_COOKIE;
|
---|
120 | else
|
---|
121 | $auth_cookie = AUTH_COOKIE;
|
---|
122 |
|
---|
123 | if ( !empty($_COOKIE[$auth_cookie]) )
|
---|
124 | return new WP_Error('expired_session', __('Please log in again.'));
|
---|
125 |
|
---|
126 | // If the cookie is not set, be silent.
|
---|
127 | }
|
---|
128 |
|
---|
129 | return $user;
|
---|
130 | }
|
---|
131 |
|
---|
132 | /**
|
---|
133 | * Retrieve user data based on field.
|
---|
134 | *
|
---|
135 | * Use get_profile() will make a database query to get the value of the table
|
---|
136 | * column. The value might be cached using the query cache, but care should be
|
---|
137 | * taken when using the function to not make a lot of queries for retrieving
|
---|
138 | * user profile information.
|
---|
139 | *
|
---|
140 | * If the $user parameter is not used, then the user will be retrieved from a
|
---|
141 | * cookie of the user. Therefore, if the cookie does not exist, then no value
|
---|
142 | * might be returned. Sanity checking must be done to ensure that when using
|
---|
143 | * get_profile() that empty/null/false values are handled and that something is
|
---|
144 | * at least displayed.
|
---|
145 | *
|
---|
146 | * @since 1.5.0
|
---|
147 | * @uses $wpdb WordPress database object to create queries.
|
---|
148 | *
|
---|
149 | * @param string $field User field to retrieve.
|
---|
150 | * @param string $user Optional. User username.
|
---|
151 | * @return string The value in the field.
|
---|
152 | */
|
---|
153 | function get_profile($field, $user = false) {
|
---|
154 | global $wpdb;
|
---|
155 | if ( !$user )
|
---|
156 | $user = $wpdb->escape($_COOKIE[USER_COOKIE]);
|
---|
157 | return $wpdb->get_var( $wpdb->prepare("SELECT $field FROM $wpdb->users WHERE user_login = %s", $user) );
|
---|
158 | }
|
---|
159 |
|
---|
160 | /**
|
---|
161 | * Number of posts user has written.
|
---|
162 | *
|
---|
163 | * @since 0.71
|
---|
164 | * @uses $wpdb WordPress database object for queries.
|
---|
165 | *
|
---|
166 | * @param int $userid User ID.
|
---|
167 | * @return int Amount of posts user has written.
|
---|
168 | */
|
---|
169 | function get_usernumposts($userid) {
|
---|
170 | global $wpdb;
|
---|
171 | $userid = (int) $userid;
|
---|
172 | $count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->posts WHERE post_author = %d AND post_type = 'post' AND ", $userid) . get_private_posts_cap_sql('post'));
|
---|
173 | return apply_filters('get_usernumposts', $count, $userid);
|
---|
174 | }
|
---|
175 |
|
---|
176 | /**
|
---|
177 | * Check that the user login name and password is correct.
|
---|
178 | *
|
---|
179 | * @since 0.71
|
---|
180 | * @todo xmlrpc only. Maybe move to xmlrpc.php.
|
---|
181 | *
|
---|
182 | * @param string $user_login User name.
|
---|
183 | * @param string $user_pass User password.
|
---|
184 | * @return bool False if does not authenticate, true if username and password authenticates.
|
---|
185 | */
|
---|
186 | function user_pass_ok($user_login, $user_pass) {
|
---|
187 | $user = wp_authenticate($user_login, $user_pass);
|
---|
188 | if ( is_wp_error($user) )
|
---|
189 | return false;
|
---|
190 |
|
---|
191 | return true;
|
---|
192 | }
|
---|
193 |
|
---|
194 | //
|
---|
195 | // User option functions
|
---|
196 | //
|
---|
197 |
|
---|
198 | /**
|
---|
199 | * Retrieve user option that can be either global, user, or blog.
|
---|
200 | *
|
---|
201 | * If the user ID is not given, then the current user will be used instead. If
|
---|
202 | * the user ID is given, then the user data will be retrieved. The filter for
|
---|
203 | * the result, will also pass the original option name and finally the user data
|
---|
204 | * object as the third parameter.
|
---|
205 | *
|
---|
206 | * The option will first check for the non-global name, then the global name,
|
---|
207 | * and if it still doesn't find it, it will try the blog option. The option can
|
---|
208 | * either be modified or set by a plugin.
|
---|
209 | *
|
---|
210 | * @since 2.0.0
|
---|
211 | * @uses $wpdb WordPress database object for queries.
|
---|
212 | * @uses apply_filters() Calls 'get_user_option_$option' hook with result,
|
---|
213 | * option parameter, and user data object.
|
---|
214 | *
|
---|
215 | * @param string $option User option name.
|
---|
216 | * @param int $user Optional. User ID.
|
---|
217 | * @param bool $check_blog_options Whether to check for an option in the options table if a per-user option does not exist. Default is true.
|
---|
218 | * @return mixed
|
---|
219 | */
|
---|
220 | function get_user_option( $option, $user = 0, $check_blog_options = true ) {
|
---|
221 | global $wpdb;
|
---|
222 |
|
---|
223 | $option = preg_replace('|[^a-z0-9_]|i', '', $option);
|
---|
224 | if ( empty($user) )
|
---|
225 | $user = wp_get_current_user();
|
---|
226 | else
|
---|
227 | $user = get_userdata($user);
|
---|
228 |
|
---|
229 | if ( isset( $user->{$wpdb->prefix . $option} ) ) // Blog specific
|
---|
230 | $result = $user->{$wpdb->prefix . $option};
|
---|
231 | elseif ( isset( $user->{$option} ) ) // User specific and cross-blog
|
---|
232 | $result = $user->{$option};
|
---|
233 | elseif ( $check_blog_options ) // Blog global
|
---|
234 | $result = get_option( $option );
|
---|
235 | else
|
---|
236 | $result = false;
|
---|
237 |
|
---|
238 | return apply_filters("get_user_option_{$option}", $result, $option, $user);
|
---|
239 | }
|
---|
240 |
|
---|
241 | /**
|
---|
242 | * Update user option with global blog capability.
|
---|
243 | *
|
---|
244 | * User options are just like user metadata except that they have support for
|
---|
245 | * global blog options. If the 'global' parameter is false, which it is by default
|
---|
246 | * it will prepend the WordPress table prefix to the option name.
|
---|
247 | *
|
---|
248 | * @since 2.0.0
|
---|
249 | * @uses $wpdb WordPress database object for queries
|
---|
250 | *
|
---|
251 | * @param int $user_id User ID
|
---|
252 | * @param string $option_name User option name.
|
---|
253 | * @param mixed $newvalue User option value.
|
---|
254 | * @param bool $global Optional. Whether option name is blog specific or not.
|
---|
255 | * @return unknown
|
---|
256 | */
|
---|
257 | function update_user_option( $user_id, $option_name, $newvalue, $global = false ) {
|
---|
258 | global $wpdb;
|
---|
259 | if ( !$global )
|
---|
260 | $option_name = $wpdb->prefix . $option_name;
|
---|
261 | return update_usermeta( $user_id, $option_name, $newvalue );
|
---|
262 | }
|
---|
263 |
|
---|
264 | /**
|
---|
265 | * Get users for the blog.
|
---|
266 | *
|
---|
267 | * For setups that use the multi-blog feature. Can be used outside of the
|
---|
268 | * multi-blog feature.
|
---|
269 | *
|
---|
270 | * @since 2.2.0
|
---|
271 | * @uses $wpdb WordPress database object for queries
|
---|
272 | * @uses $blog_id The Blog id of the blog for those that use more than one blog
|
---|
273 | *
|
---|
274 | * @param int $id Blog ID.
|
---|
275 | * @return array List of users that are part of that Blog ID
|
---|
276 | */
|
---|
277 | function get_users_of_blog( $id = '' ) {
|
---|
278 | global $wpdb, $blog_id;
|
---|
279 | if ( empty($id) )
|
---|
280 | $id = (int) $blog_id;
|
---|
281 | $users = $wpdb->get_results( "SELECT user_id, user_id AS ID, user_login, display_name, user_email, meta_value FROM $wpdb->users, $wpdb->usermeta WHERE {$wpdb->users}.ID = {$wpdb->usermeta}.user_id AND meta_key = '{$wpdb->prefix}capabilities' ORDER BY {$wpdb->usermeta}.user_id" );
|
---|
282 | return $users;
|
---|
283 | }
|
---|
284 |
|
---|
285 | //
|
---|
286 | // User meta functions
|
---|
287 | //
|
---|
288 |
|
---|
289 | /**
|
---|
290 | * Remove user meta data.
|
---|
291 | *
|
---|
292 | * @since 2.0.0
|
---|
293 | * @uses $wpdb WordPress database object for queries.
|
---|
294 | *
|
---|
295 | * @param int $user_id User ID.
|
---|
296 | * @param string $meta_key Metadata key.
|
---|
297 | * @param mixed $meta_value Metadata value.
|
---|
298 | * @return bool True deletion completed and false if user_id is not a number.
|
---|
299 | */
|
---|
300 | function delete_usermeta( $user_id, $meta_key, $meta_value = '' ) {
|
---|
301 | global $wpdb;
|
---|
302 | if ( !is_numeric( $user_id ) )
|
---|
303 | return false;
|
---|
304 | $meta_key = preg_replace('|[^a-z0-9_]|i', '', $meta_key);
|
---|
305 |
|
---|
306 | if ( is_array($meta_value) || is_object($meta_value) )
|
---|
307 | $meta_value = serialize($meta_value);
|
---|
308 | $meta_value = trim( $meta_value );
|
---|
309 |
|
---|
310 | if ( ! empty($meta_value) )
|
---|
311 | $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s AND meta_value = %s", $user_id, $meta_key, $meta_value) );
|
---|
312 | else
|
---|
313 | $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) );
|
---|
314 |
|
---|
315 | wp_cache_delete($user_id, 'users');
|
---|
316 |
|
---|
317 | return true;
|
---|
318 | }
|
---|
319 |
|
---|
320 | /**
|
---|
321 | * Retrieve user metadata.
|
---|
322 | *
|
---|
323 | * If $user_id is not a number, then the function will fail over with a 'false'
|
---|
324 | * boolean return value. Other returned values depend on whether there is only
|
---|
325 | * one item to be returned, which be that single item type. If there is more
|
---|
326 | * than one metadata value, then it will be list of metadata values.
|
---|
327 | *
|
---|
328 | * @since 2.0.0
|
---|
329 | * @uses $wpdb WordPress database object for queries.
|
---|
330 | *
|
---|
331 | * @param int $user_id User ID
|
---|
332 | * @param string $meta_key Optional. Metadata key.
|
---|
333 | * @return mixed
|
---|
334 | */
|
---|
335 | function get_usermeta( $user_id, $meta_key = '') {
|
---|
336 | global $wpdb;
|
---|
337 | $user_id = (int) $user_id;
|
---|
338 |
|
---|
339 | if ( !$user_id )
|
---|
340 | return false;
|
---|
341 |
|
---|
342 | if ( !empty($meta_key) ) {
|
---|
343 | $meta_key = preg_replace('|[^a-z0-9_]|i', '', $meta_key);
|
---|
344 | $user = wp_cache_get($user_id, 'users');
|
---|
345 | // Check the cached user object
|
---|
346 | if ( false !== $user && isset($user->$meta_key) )
|
---|
347 | $metas = array($user->$meta_key);
|
---|
348 | else
|
---|
349 | $metas = $wpdb->get_col( $wpdb->prepare("SELECT meta_value FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) );
|
---|
350 | } else {
|
---|
351 | $metas = $wpdb->get_col( $wpdb->prepare("SELECT meta_value FROM $wpdb->usermeta WHERE user_id = %d", $user_id) );
|
---|
352 | }
|
---|
353 |
|
---|
354 | if ( empty($metas) ) {
|
---|
355 | if ( empty($meta_key) )
|
---|
356 | return array();
|
---|
357 | else
|
---|
358 | return '';
|
---|
359 | }
|
---|
360 |
|
---|
361 | $metas = array_map('maybe_unserialize', $metas);
|
---|
362 |
|
---|
363 | if ( count($metas) == 1 )
|
---|
364 | return $metas[0];
|
---|
365 | else
|
---|
366 | return $metas;
|
---|
367 | }
|
---|
368 |
|
---|
369 | /**
|
---|
370 | * Update metadata of user.
|
---|
371 | *
|
---|
372 | * There is no need to serialize values, they will be serialized if it is
|
---|
373 | * needed. The metadata key can only be a string with underscores. All else will
|
---|
374 | * be removed.
|
---|
375 | *
|
---|
376 | * Will remove the metadata, if the meta value is empty.
|
---|
377 | *
|
---|
378 | * @since 2.0.0
|
---|
379 | * @uses $wpdb WordPress database object for queries
|
---|
380 | *
|
---|
381 | * @param int $user_id User ID
|
---|
382 | * @param string $meta_key Metadata key.
|
---|
383 | * @param mixed $meta_value Metadata value.
|
---|
384 | * @return bool True on successful update, false on failure.
|
---|
385 | */
|
---|
386 | function update_usermeta( $user_id, $meta_key, $meta_value ) {
|
---|
387 | global $wpdb;
|
---|
388 | if ( !is_numeric( $user_id ) )
|
---|
389 | return false;
|
---|
390 | $meta_key = preg_replace('|[^a-z0-9_]|i', '', $meta_key);
|
---|
391 |
|
---|
392 | /** @todo Might need fix because usermeta data is assumed to be already escaped */
|
---|
393 | if ( is_string($meta_value) )
|
---|
394 | $meta_value = stripslashes($meta_value);
|
---|
395 | $meta_value = maybe_serialize($meta_value);
|
---|
396 |
|
---|
397 | if (empty($meta_value)) {
|
---|
398 | return delete_usermeta($user_id, $meta_key);
|
---|
399 | }
|
---|
400 |
|
---|
401 | $cur = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) );
|
---|
402 | if ( !$cur )
|
---|
403 | $wpdb->insert($wpdb->usermeta, compact('user_id', 'meta_key', 'meta_value') );
|
---|
404 | else if ( $cur->meta_value != $meta_value )
|
---|
405 | $wpdb->update($wpdb->usermeta, compact('meta_value'), compact('user_id', 'meta_key') );
|
---|
406 | else
|
---|
407 | return false;
|
---|
408 |
|
---|
409 | wp_cache_delete($user_id, 'users');
|
---|
410 |
|
---|
411 | return true;
|
---|
412 | }
|
---|
413 |
|
---|
414 | //
|
---|
415 | // Private helper functions
|
---|
416 | //
|
---|
417 |
|
---|
418 | /**
|
---|
419 | * Setup global user vars.
|
---|
420 | *
|
---|
421 | * Used by set_current_user() for back compat. Might be deprecated in the
|
---|
422 | * future.
|
---|
423 | *
|
---|
424 | * @since 2.0.4
|
---|
425 | * @global string $userdata User description.
|
---|
426 | * @global string $user_login The user username for logging in
|
---|
427 | * @global int $user_level The level of the user
|
---|
428 | * @global int $user_ID The ID of the user
|
---|
429 | * @global string $user_email The email address of the user
|
---|
430 | * @global string $user_url The url in the user's profile
|
---|
431 | * @global string $user_pass_md5 MD5 of the user's password
|
---|
432 | * @global string $user_identity The display name of the user
|
---|
433 | *
|
---|
434 | * @param int $user_id Optional. User ID to setup global data.
|
---|
435 | */
|
---|
436 | function setup_userdata($user_id = '') {
|
---|
437 | global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity;
|
---|
438 |
|
---|
439 | if ( '' == $user_id )
|
---|
440 | $user = wp_get_current_user();
|
---|
441 | else
|
---|
442 | $user = new WP_User($user_id);
|
---|
443 |
|
---|
444 | if ( 0 == $user->ID )
|
---|
445 | return;
|
---|
446 |
|
---|
447 | $userdata = $user->data;
|
---|
448 | $user_login = $user->user_login;
|
---|
449 | $user_level = (int) isset($user->user_level) ? $user->user_level : 0;
|
---|
450 | $user_ID = (int) $user->ID;
|
---|
451 | $user_email = $user->user_email;
|
---|
452 | $user_url = $user->user_url;
|
---|
453 | $user_pass_md5 = md5($user->user_pass);
|
---|
454 | $user_identity = $user->display_name;
|
---|
455 | }
|
---|
456 |
|
---|
457 | /**
|
---|
458 | * Create dropdown HTML content of users.
|
---|
459 | *
|
---|
460 | * The content can either be displayed, which it is by default or retrieved by
|
---|
461 | * setting the 'echo' argument. The 'include' and 'exclude' arguments do not
|
---|
462 | * need to be used; all users will be displayed in that case. Only one can be
|
---|
463 | * used, either 'include' or 'exclude', but not both.
|
---|
464 | *
|
---|
465 | * The available arguments are as follows:
|
---|
466 | * <ol>
|
---|
467 | * <li>show_option_all - Text to show all and whether HTML option exists.</li>
|
---|
468 | * <li>show_option_none - Text for show none and whether HTML option exists.
|
---|
469 | * </li>
|
---|
470 | * <li>orderby - SQL order by clause for what order the users appear. Default is
|
---|
471 | * 'display_name'.</li>
|
---|
472 | * <li>order - Default is 'ASC'. Can also be 'DESC'.</li>
|
---|
473 | * <li>include - User IDs to include.</li>
|
---|
474 | * <li>exclude - User IDs to exclude.</li>
|
---|
475 | * <li>multi - Default is 'false'. Whether to skip the ID attribute on the 'select' element.</li>
|
---|
476 | * <li>show - Default is 'display_name'. User table column to display. If the selected item is empty then the user_login will be displayed in parentesis</li>
|
---|
477 | * <li>echo - Default is '1'. Whether to display or retrieve content.</li>
|
---|
478 | * <li>selected - Which User ID is selected.</li>
|
---|
479 | * <li>name - Default is 'user'. Name attribute of select element.</li>
|
---|
480 | * <li>class - Class attribute of select element.</li>
|
---|
481 | * </ol>
|
---|
482 | *
|
---|
483 | * @since 2.3.0
|
---|
484 | * @uses $wpdb WordPress database object for queries
|
---|
485 | *
|
---|
486 | * @param string|array $args Optional. Override defaults.
|
---|
487 | * @return string|null Null on display. String of HTML content on retrieve.
|
---|
488 | */
|
---|
489 | function wp_dropdown_users( $args = '' ) {
|
---|
490 | global $wpdb;
|
---|
491 | $defaults = array(
|
---|
492 | 'show_option_all' => '', 'show_option_none' => '',
|
---|
493 | 'orderby' => 'display_name', 'order' => 'ASC',
|
---|
494 | 'include' => '', 'exclude' => '', 'multi' => 0,
|
---|
495 | 'show' => 'display_name', 'echo' => 1,
|
---|
496 | 'selected' => 0, 'name' => 'user', 'class' => ''
|
---|
497 | );
|
---|
498 |
|
---|
499 | $defaults['selected'] = is_author() ? get_query_var( 'author' ) : 0;
|
---|
500 |
|
---|
501 | $r = wp_parse_args( $args, $defaults );
|
---|
502 | extract( $r, EXTR_SKIP );
|
---|
503 |
|
---|
504 | $query = "SELECT * FROM $wpdb->users";
|
---|
505 |
|
---|
506 | $query_where = array();
|
---|
507 |
|
---|
508 | if ( is_array($include) )
|
---|
509 | $include = join(',', $include);
|
---|
510 | $include = preg_replace('/[^0-9,]/', '', $include); // (int)
|
---|
511 | if ( $include )
|
---|
512 | $query_where[] = "ID IN ($include)";
|
---|
513 |
|
---|
514 | if ( is_array($exclude) )
|
---|
515 | $exclude = join(',', $exclude);
|
---|
516 | $exclude = preg_replace('/[^0-9,]/', '', $exclude); // (int)
|
---|
517 | if ( $exclude )
|
---|
518 | $query_where[] = "ID NOT IN ($exclude)";
|
---|
519 |
|
---|
520 | if ( $query_where )
|
---|
521 | $query .= " WHERE " . join(' AND', $query_where);
|
---|
522 |
|
---|
523 | $query .= " ORDER BY $orderby $order";
|
---|
524 |
|
---|
525 | $users = $wpdb->get_results( $query );
|
---|
526 |
|
---|
527 | $output = '';
|
---|
528 | if ( !empty($users) ) {
|
---|
529 | $id = $multi ? "" : "id='$name'";
|
---|
530 |
|
---|
531 | $output = "<select name='$name' $id class='$class'>\n";
|
---|
532 |
|
---|
533 | if ( $show_option_all )
|
---|
534 | $output .= "\t<option value='0'>$show_option_all</option>\n";
|
---|
535 |
|
---|
536 | if ( $show_option_none )
|
---|
537 | $output .= "\t<option value='-1'>$show_option_none</option>\n";
|
---|
538 |
|
---|
539 | foreach ( (array) $users as $user ) {
|
---|
540 | $user->ID = (int) $user->ID;
|
---|
541 | $_selected = $user->ID == $selected ? " selected='selected'" : '';
|
---|
542 | $display = !empty($user->$show) ? $user->$show : '('. $user->user_login . ')';
|
---|
543 | $output .= "\t<option value='$user->ID'$_selected>" . esc_html($display) . "</option>\n";
|
---|
544 | }
|
---|
545 |
|
---|
546 | $output .= "</select>";
|
---|
547 | }
|
---|
548 |
|
---|
549 | $output = apply_filters('wp_dropdown_users', $output);
|
---|
550 |
|
---|
551 | if ( $echo )
|
---|
552 | echo $output;
|
---|
553 |
|
---|
554 | return $output;
|
---|
555 | }
|
---|
556 |
|
---|
557 | /**
|
---|
558 | * Add user meta data as properties to given user object.
|
---|
559 | *
|
---|
560 | * The finished user data is cached, but the cache is not used to fill in the
|
---|
561 | * user data for the given object. Once the function has been used, the cache
|
---|
562 | * should be used to retrieve user data. The purpose seems then to be to ensure
|
---|
563 | * that the data in the object is always fresh.
|
---|
564 | *
|
---|
565 | * @access private
|
---|
566 | * @since 2.5.0
|
---|
567 | * @uses $wpdb WordPress database object for queries
|
---|
568 | *
|
---|
569 | * @param object $user The user data object.
|
---|
570 | */
|
---|
571 | function _fill_user( &$user ) {
|
---|
572 | global $wpdb;
|
---|
573 |
|
---|
574 | $show = $wpdb->hide_errors();
|
---|
575 | $metavalues = $wpdb->get_results($wpdb->prepare("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = %d", $user->ID));
|
---|
576 | $wpdb->show_errors($show);
|
---|
577 |
|
---|
578 | if ( $metavalues ) {
|
---|
579 | foreach ( (array) $metavalues as $meta ) {
|
---|
580 | $value = maybe_unserialize($meta->meta_value);
|
---|
581 | $user->{$meta->meta_key} = $value;
|
---|
582 | }
|
---|
583 | }
|
---|
584 |
|
---|
585 | $level = $wpdb->prefix . 'user_level';
|
---|
586 | if ( isset( $user->{$level} ) )
|
---|
587 | $user->user_level = $user->{$level};
|
---|
588 |
|
---|
589 | // For backwards compat.
|
---|
590 | if ( isset($user->first_name) )
|
---|
591 | $user->user_firstname = $user->first_name;
|
---|
592 | if ( isset($user->last_name) )
|
---|
593 | $user->user_lastname = $user->last_name;
|
---|
594 | if ( isset($user->description) )
|
---|
595 | $user->user_description = $user->description;
|
---|
596 |
|
---|
597 | wp_cache_add($user->ID, $user, 'users');
|
---|
598 | wp_cache_add($user->user_login, $user->ID, 'userlogins');
|
---|
599 | wp_cache_add($user->user_email, $user->ID, 'useremail');
|
---|
600 | wp_cache_add($user->user_nicename, $user->ID, 'userslugs');
|
---|
601 | }
|
---|
602 |
|
---|
603 | ?>
|
---|